Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25678 | 2 C4g, Gatech | 2 Basic Laboratory Information System, Computing For Good\'s Basic Laboratory Information System | 2026-04-20 | 8.2 High |
| C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials. | ||||
| CVE-2019-5644 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 10 Critical |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator. | ||||
| CVE-2019-5643 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 5.3 Medium |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation. | ||||
| CVE-2019-5617 | 1 Gatech | 1 Computing For Good\'s Basic Laboratory Information System | 2024-11-21 | 10 Critical |
| Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user. | ||||
Page 1 of 1.